CVE lookup
CVE-2026-39850
Pruva has a verified reproduction for CVE-2026-39850: Yii2: local file inclusion via View::renderPhpFile extract() of caller-controlled params. The canonical evidence record is REPRO-2026-00156.
REPRO
REPRO-2026-00156
Package
yiisoft/yii2 · composer
Severity
HIGH
Status
published